Cookie-based Authentication Bypass in phpABook 0.9 Intermediate

Cookie-based Authentication Bypass in phpABook 0.9 Intermediate

CVE-2020-8510 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password.

Learn more about our User Device Pen Test.